Hey, let’s be honest: passwords are over. SMS‑codes, pushpopups, totp tokens, great in theory, weak in real‑life fights. bad guys surf that weakness like it’s a goldmine. phishing got too smart, MFA fatigue is real, and attackers no longer brute-force, they social-engineer the hell out of u. that’s where FIDO2 crashes in like a hero,…
Tag: Cybersecurity
Your Certificate Authority might betray u, like… for real :)))
aka: how to stop trusting blindly and lock down ur Microsoft ca before it ruins ur life What’s the big deal, why care about some “ca”? So CA is a topic a spicy one. like, most people don’t even think about certificate authority. it’s just “one of those servers in the corner” that got set…
Scheduled Password Changes Are an Outdated Practice
Hi for All and have a nice time, so today we are talking about passwords (ready?) Let’s think! • In most IT systems and various companies, mandatory periodic password changes are a common rule. At my company, passwords must be changed every three months. Do you think this approach is correct? After all, this practice…
OWASP Top 10 NHIs Risks 2025
1. Improper Offboarding When NHIs (Non-Human Identities) like service accounts, API keys, and machine credentials are not properly offboarded, they can become a security risk. This includes failing to deactivate old or deprecated secrets, leading to “zombie NHIs” that attackers can exploit. Automating the NHIs lifecycle ensures stale secrets are discovered and revoked, reducing attack…
How EDR Works?
Hu for All, that image appears to be an infographic or presentation slide explaining how Endpoint Detection and Response (EDR) works in cybersecurity. 1. **EDR Overview**: EDR is a cybersecurity solution that continuously monitors and analyzes endpoint activities to detect, investigate, and respond to threats like malware and ransomware. It records system behaviors, uses data…
Global Windows Crash with CrowdStrike protection systems installed
Global Windows Crash firstly- how to repair – from Russian experts!!! 1. Restart Windows and boot into Safe mode 2. Open a command prompt 3. Go to C:\Windows\System32\drivers\CrowdStrike 4. Locate the file matching “C-00000291* sys”, and delete it. [or Rename the file CSAgent.sys to something else, eg. donotcrash.sys] 5. Continue normal startup )))))))))) no need…
GDPR what the….
In May 2018, Europe will be switching to the updated regulations for the processing of personal data set by the General Data Protection Regulation (GDPR). This regulation, which directly applies in all 28 EU countries, replaces the Framework Directive on Personal Data Protection 95/46/EC from October 24, 1995. An important aspect of the GDPR is…
CYBERSECURITY INCIDENT RESPONSE PLAN “A”
Hello everyone, since I do consultations for my friends from time to time, I suggest you do a review of CYBERSECURITY INCIDENT RESPONSE PLAN. So, I sincerely hope it will be interesting. Standards: NIST Special Publication 800-61 NIST Cybersecurity Framework (CSF) Compliance: ISO 27001 – A.16 PCI DSS 3 – 10, 12.9 Regulation: EU GDPR…
Microsoft is investigating issues with VPNs and the latest Windows 11 update.
Microsoft has acknowledged reports of VPN connection issues after installing the April 2024 Windows 11 update, according to a report from Reddit user Flo-TPG. The KB5036893 security update, released on April 9 for all supported Windows 11 versions, has caused some users to experience issues with VPN connections that use TPM-backed certificates. According to Microsoft,…